How will Google’s password-less technology work?

Early 2019 Google announced it would begin testing an alternative to passwords for apps and site logins on Android. Instead of passwords, Android users will be able to use their fingerprint or other biometrics as a new form of authentication. The new feature is called the Trust API and will be trialed across financial institutions before it is rolled out to the public.

Google aims to combine various factors to ensure a person is who they say they are when accessing an account. This includes mixing fingerprints, voice patterns, facial recognition and other factors together for authentication, making it ten times more secure than a fingerprint scanner alone. The service will also be running in the background each time your phone is used, meaning it will be able to keep track of exactly how you use your phone, increasing the likelihood that it spots a potential threat.

The main benefit of implementing this technology is to prevent online phishing, credit stuffing and other cyber-attacks. The risks associated with easy-to-hack passwords are lowered significantly with biometric technology as this data cannot be sold on the dark-web in the same way a person’s name and password can. Using biometrics as a form of authentication prevents a binary answer to a question e.g. this password is correct/incorrect and instead allows the technology to estimate how confident it is that you are using the device and asking for additional authentication factors if it is not sure.

In addition, the authentication required takes place on the device itself, meaning that no authentication data is transmitted to or held by the apps or websites, reducing the likelihood of your data being impacted, should a company’s data be hacked. Google calls this an ‘asymmetric’ model where only the user needs to prove they have ‘secret knowledge’ rather than both the website or app and the user, as is the case with a traditional password.

The convenience of using a combination of biometric technology instead of having to remember all the different passwords on each of the devices you own, could mean that passwords soon become a thing of the past!

Do you think it is a good idea to replace passwords with biometrics? Let us know in the comments section below